package org.example.controller;



import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/demo")
public class DemoController {

    @GetMapping("/userList")
    @PostAuthorize("hasPermission('user:list')")
    public String userList(){
        return "userList";
    }

    @GetMapping("/userAdd")
    @PostAuthorize("hasPermission('user:add')")
    public String userAdd(){
        return "userAdd";
    }

    @GetMapping("/supplierList")
    @PostAuthorize("hasRole('employee')")
    public String supplierList(){
        return "supplierList";
    }


    @GetMapping("/supplierAdd")
    @PostAuthorize("hasRole('manager')")
    public String supplierAdd(){
        return "supplierAdd";
    }
}
